Repository: cloudstack Updated Branches: refs/heads/rbac 748c090b2 -> 1c85af319
A production/QA Setup does not populate the admin and SYSTEM accounts during database setup. So IAM plugin needs to insert the necessary group <-> account map in the DB during startup Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1c85af31 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1c85af31 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1c85af31 Branch: refs/heads/rbac Commit: 1c85af319340b28152a75606da577ec8e6eb51ca Parents: 748c090 Author: Prachi Damle <pra...@cloud.com> Authored: Mon Mar 10 17:27:32 2014 -0700 Committer: Prachi Damle <pra...@cloud.com> Committed: Mon Mar 10 17:30:00 2014 -0700 ---------------------------------------------------------------------- .../cloudstack/iam/IAMApiServiceImpl.java | 95 ++++++++++++++++++++ 1 file changed, 95 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1c85af31/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java index 97519f2..47b7697 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java @@ -16,6 +16,9 @@ // under the License. package org.apache.cloudstack.iam; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -111,6 +114,11 @@ import com.cloud.utils.component.Manager; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.db.DB; import com.cloud.utils.db.EntityManager; +import com.cloud.utils.db.Transaction; +import com.cloud.utils.db.TransactionCallbackNoReturn; +import com.cloud.utils.db.TransactionLegacy; +import com.cloud.utils.db.TransactionStatus; +import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.InstanceGroupVO; import com.cloud.vm.VMInstanceVO; import com.cloud.vm.dao.NicIpAliasVO; @@ -190,6 +198,11 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man @Override public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException { + + // populate group <-> account association if not present for CS admin + // and system accounts + populateIAMGroupAdminAccountMap(); + _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() { @Override public void onPublishMessage(String senderAddress, String subject, Object obj) { @@ -338,6 +351,88 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man return super.configure(name, params); } + private void populateIAMGroupAdminAccountMap() { + + Transaction.execute(new TransactionCallbackNoReturn() { + @Override + public void doInTransactionWithoutResult(TransactionStatus status) { + TransactionLegacy txn = TransactionLegacy.currentTxn(); + + String searchQuery = "Select id from `cloud`.`iam_group_account_map` where account_id = ? and removed is null"; + ResultSet rs = null; + PreparedStatement acctQuery = null; + PreparedStatement acctInsert = null; + // find if the system account is present in the map + try { + acctQuery = txn.prepareAutoCloseStatement(searchQuery); + acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM); + + rs = acctQuery.executeQuery(); + if (!rs.next()) { + acctInsert = txn + .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())"); + // insert entry in iam_group_account_map table + acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1); + acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM); + acctInsert.executeUpdate(); + } + } catch (SQLException ex) { + String msg = "Unable to populate iam_group_account_map for SYSTEM account." + ex.getMessage(); + s_logger.error(msg); + throw new CloudRuntimeException(msg, ex); + } finally { + try { + if (acctInsert != null) { + acctInsert.close(); + } + if (rs != null) { + rs.close(); + } + if (acctQuery != null) { + acctQuery.close(); + } + } catch (SQLException e) { + } + } + + // find if the admin account is present in the map + try { + acctQuery = txn.prepareAutoCloseStatement(searchQuery); + acctQuery.setLong(1, Account.ACCOUNT_ID_SYSTEM + 1); + + rs = acctQuery.executeQuery(); + if (!rs.next()) { + acctInsert = txn + .prepareAutoCloseStatement("INSERT INTO `cloud`.`iam_group_account_map` (group_id, account_id, created) values(?, ?, Now())"); + // insert entry in iam_group_account_map table + acctInsert.setLong(1, Account.ACCOUNT_TYPE_ADMIN + 1); + acctInsert.setLong(2, Account.ACCOUNT_ID_SYSTEM + 1); + acctInsert.executeUpdate(); + } + } catch (SQLException ex) { + String msg = "Unable to populate iam_group_account_map for Admin account." + ex.getMessage(); + s_logger.error(msg); + throw new CloudRuntimeException(msg, ex); + } finally { + try { + if (acctInsert != null) { + acctInsert.close(); + } + if (rs != null) { + rs.close(); + } + if (acctQuery != null) { + acctQuery.close(); + } + } catch (SQLException e) { + } + } + + } + }); + + } + private void addDomainWideResourceAccess(Map<String, Object> params) { IAMEntityType entityType = (IAMEntityType)params.get(ApiConstants.ENTITY_TYPE);
